/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
*/
#ifndef _AUDIT_SCF_H
#define _AUDIT_SCF_H
#ifdef __cplusplus
extern "C" {
#endif
/*
* auditd smf(5)/libscf(3LIB) interface - set and display audit parameters
*/
#include <audit_plugin.h>
#include <bsm/libbsm.h>
#include <ctype.h>
#include <libintl.h>
#include <libscf_priv.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/varargs.h>
#include <ucontext.h>
#include <zone.h>
/*
 * gettext() obfuscation routine for lint: when __lint is defined,
 * gettext(x) expands to its bare argument, so message strings are
 * checked as plain expressions. Other builds are unaffected by this
 * block and use the gettext() declared by <libintl.h>.
 */
#ifdef __lint
#define gettext(x) x
#endif
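/*
 * Debug tracing.
 *
 * DEBUG defaults to 0; DPRINT() then expands to nothing and its argument
 * is never evaluated, so the argument must not carry side effects the
 * program depends on.
 *
 * With DEBUG non-zero, DPRINT takes one parenthesised fprintf() argument
 * list, e.g.
 *	DPRINT((dbfp, "message\n"));
 * The stream is opened on first use through __auditd_debug_file_open().
 * The body is wrapped in do { } while (0) so that the macro behaves as a
 * single statement inside an unbraced if/else, and nothing is written when
 * the debug stream is still NULL after the open attempt.
 *
 * NOTE(review): dbfp is defined, not merely declared, in this header, so
 * every translation unit that includes it in a DEBUG build carries its own
 * definition - confirm this links as intended (extern here plus one
 * definition in a .c file is the usual arrangement).
 * NOTE(review): FILE needs <stdio.h>, which this header does not include
 * directly; presumably another included header provides it.
 * NOTE(review): debug output of an audit daemon can expose configuration
 * details; confirm where __auditd_debug_file_open() creates the file and
 * with which permissions before shipping a DEBUG build.
 */
#ifndef DEBUG
#define DEBUG 0
#endif
#if DEBUG
FILE *dbfp; /* debug file pointer */
#define DPRINT(x) do { \
	if (dbfp == NULL) \
		dbfp = __auditd_debug_file_open(); \
	if (dbfp != NULL) { \
		(void) fprintf x; \
		(void) fflush(dbfp); \
	} \
} while (0)
#else /* ! DEBUG */
#define DPRINT(x)
#endif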
/*
 * Audit subsystem service instances: the service FMRI strings this
 * interface uses for the auditd and auditset default instances.
 */
#define AUDITD_FMRI "svc:/system/auditd:default"
#define AUDITSET_FMRI "svc:/system/auditset:default"
/*
 * (ASI) Audit service instance SCF handles - libscf(3LIB).
 *
 * Groups the four libscf handles needed to reach a single property of a
 * service instance: repository handle, instance, property group and
 * property. The struct only stores the pointers; creation and destruction
 * of the handles happen outside this header.
 */
typedef struct asi_scfhandle {
	scf_handle_t		*hndl;	/* base scf handle */
	scf_instance_t		*inst;	/* service instance handle */
	scf_propertygroup_t	*pgrp;	/* property group handle */
	scf_property_t		*prop;	/* property handle */
} asi_scfhandle_t;
/*
 * Iteration state that accompanies asi_scfhandle_t: one iterator over
 * property groups, one over properties, and a value holder for the
 * property currently being read.
 */
typedef struct asi_scfhandle_iter {
	scf_iter_t	*pgrp;		/* property group iter handle */
	scf_iter_t	*prop;		/* property iter handle */
	scf_value_t	*prop_val;	/* property value */
} asi_scfhandle_iter_t;
/*
* (ASI) Audit service instance (svc:/system/auditd:default) related
* configuration parameters.
*/
/* Name of the property group that holds the audit policy settings. */
#define ASI_PGROUP_POLICY "policy"

/*
 * One audit policy switch: a policy name paired with a boolean.
 * NOTE(review): presumably flag is B_TRUE when the policy is enabled;
 * this header does not say - confirm against the users of policy_sw_t.
 * The struct holds a plain pointer; who owns the string is not visible here.
 */
typedef struct policy_sw {
	char		*policy;
	boolean_t	flag;
} policy_sw_t;
/* Queue control property group and the names of its four properties. */
#define ASI_PGROUP_QUEUECTRL "queuectrl"
#define QUEUECTRL_QBUFSZ "qbufsz"
#define QUEUECTRL_QDELAY "qdelay"
#define QUEUECTRL_QHIWATER "qhiwater"
#define QUEUECTRL_QLOWATER "qlowater"

/*
 * Queue control values held as 64-bit unsigned integers.
 *
 * NOTE(review): the do_get and do_set queue prototypes in this header use
 * size_t and clock_t, so a value stored here is presumably converted to a
 * narrower or signed type somewhere. Confirm that the CHK_BDRY_* range
 * checks are applied before that conversion, so an out-of-range stored
 * value cannot wrap into an accepted one.
 */
typedef struct scf_qctrl {
	uint64_t	scf_qhiwater;
	uint64_t	scf_qlowater;
	uint64_t	scf_qbufsz;
	uint64_t	scf_qdelay;
} scf_qctrl_t;
/* Preselection property group and the names of its two properties. */
#define ASI_PGROUP_PRESELECTION "preselection"
#define PRESELECTION_FLAGS "flags"
#define PRESELECTION_NAFLAGS "naflags"
/*
 * NOTE(review): this header does not say whether the limit below counts
 * the terminating NUL. Code that sizes a buffer with it should bound every
 * copy to the buffer size and reject longer values rather than truncate
 * them silently.
 */
#define PRESELECTION_MAXBUF 256 /* max. length of na/flags */
/* auditd(1M) plugin related well known properties */
#define PLUGIN_ACTIVE "active" /* plugin state */
/*
 * NOTE(review): "path" names a shared object; presumably auditd loads it,
 * so write access to this property should be treated as equivalent to
 * running code in the daemon - confirm how the value is validated.
 */
#define PLUGIN_PATH "path" /* plugin shared object */
#define PLUGIN_QSIZE "qsize" /* plugin queue size */
/*
 * Size limits for plugin data. PLUGIN_MAXBUF sizes the plugin_name array
 * of struct scf_plugin_kva_node in this header; where the other limits
 * are enforced is not visible here. Whether the length limits include the
 * terminating NUL is not stated.
 */
#define PLUGIN_MAX 256 /* max. amount of plugins */
#define PLUGIN_MAXBUF 256 /* max. length of plugin name */
#define PLUGIN_MAXATT 256 /* max. length of plugin attr */
#define PLUGIN_MAXKEY 256 /* max. length of plugin key */
#define PLUGIN_MAXVAL 256 /* max. length of plugin val */
/*
 * Node of a doubly linked list of plugin configurations: the plugin name
 * in a fixed PLUGIN_MAXBUF-byte array plus a pointer to its key/value
 * attributes.
 *
 * Because plugin_name is a fixed-size array, any code filling it has to
 * bound the copy to sizeof (plugin_name) and leave it NUL-terminated.
 * NOTE(review): presumably lists of these nodes are released with
 * plugin_kva_ll_free(), declared in this header - confirm ownership of
 * plugin_kva.
 */
typedef struct scf_plugin_kva_node {
	struct scf_plugin_kva_node	*next;
	struct scf_plugin_kva_node	*prev;
	char				plugin_name[PLUGIN_MAXBUF];
	kva_t				*plugin_kva;
} scf_plugin_kva_node_t;
/*
 * Boundary checking macros for the queuectrl parameters.
 *
 * Each macro evaluates to 1 when the value lies inside the accepted range
 * and to 0 otherwise. AQ_MINLOW is defined here; AQ_BUFSZ, AQ_MAXBUFSZ,
 * AQ_MAXDELAY, AQ_LOWATER and AQ_MAXHIGH are not defined in this header
 * and must come from an included one.
 *
 * An argument can be evaluated more than once, so do not pass expressions
 * with side effects.
 * NOTE(review): the comparisons follow C's usual arithmetic conversions.
 * If a call site passes a signed value and a limit is unsigned, a negative
 * value is converted before it is compared - confirm the argument types
 * used by callers.
 */
#define AQ_MINLOW 1
#define CHK_BDRY_QBUFSZ(x) \
	((x) >= AQ_BUFSZ && (x) <= AQ_MAXBUFSZ)
#define CHK_BDRY_QDELAY(x) \
	((x) != 0 && (x) <= AQ_MAXDELAY)
#define CHK_BDRY_QLOWATER(low, high) \
	((low) >= AQ_MINLOW && (low) < (high))
#define CHK_BDRY_QHIWATER(low, high) \
	((high) > (low) && (high) >= AQ_LOWATER && (high) <= AQ_MAXHIGH)
/*
 * MAX_PROPVECS is the maximum number of audit properties that will
 * fit in the uint32_t audit policy mask (one bit per property, hence 32).
 * Code that sizes an array with it should check the count before writing
 * an entry.
 */
#define MAX_PROPVECS 32
/*
 * Public interface. Parameter names are not given in this header, so the
 * notes below go only as far as the types and function names allow.
 *
 * All do_get and do_set functions return boolean_t.
 * NOTE(review): presumably B_TRUE means success - confirm in the
 * implementation. Callers should check the result before using any output
 * argument.
 *
 * NOTE(review): string arguments are passed as char * without a length.
 * Confirm that the implementation bounds them against PRESELECTION_MAXBUF
 * and the PLUGIN_MAX* limits, and who frees strings returned through
 * char ** arguments.
 */

/* Getters: the result is delivered through the pointer argument. */
boolean_t do_getflags_scf(char **);
boolean_t do_getnaflags_scf(char **);
boolean_t do_getpluginconfig_scf(char *, scf_plugin_kva_node_t **);
boolean_t do_getpolicy_scf(uint32_t *);
boolean_t do_getqbufsz_scf(size_t *);
boolean_t do_getqctrl_scf(struct au_qctrl *);
boolean_t do_getqdelay_scf(clock_t *);
boolean_t do_getqhiwater_scf(size_t *);
boolean_t do_getqlowater_scf(size_t *);
/* Setters; the queue control setters take their value by pointer. */
boolean_t do_setflags_scf(char *);
boolean_t do_setnaflags_scf(char *);
boolean_t do_setpluginconfig_scf(char *, boolean_t, char *, int);
boolean_t do_setpolicy_scf(uint32_t);
boolean_t do_setqbufsz_scf(size_t *);
boolean_t do_setqctrl_scf(struct au_qctrl *);
boolean_t do_setqdelay_scf(clock_t *);
boolean_t do_setqhiwater_scf(size_t *);
boolean_t do_setqlowater_scf(size_t *);
/* Helpers. */
void free_static_att_kva(kva_t *);
uint32_t get_policy(char *);
boolean_t plugin_avail_scf(const char *);
void plugin_kva_ll_free(scf_plugin_kva_node_t *);
/*
 * NOTE(review): the char * is presumably a printf-style format consumed
 * together with the va_list; if so, callers must pass a constant format
 * and never text taken from configuration or user input - confirm.
 */
void prt_error_va(char *, va_list);
#ifdef __cplusplus
}
#endif
#endif /* _AUDIT_SCF_H */